
Lightrun is a developer-native observability platform. It's a way to add logs, inspect the state of the current execution (in a familiar, debugger-like view), and extract any type of code-level metric on the fly - without redeploying, restarting or even stopping the running application.
Check out our docs to learn more.
To get started with Lightrun you'll need three things:
Once you've signed up for an account and downloaded the plugin, you can install the agent in your application.
In order to install the Lightrun Node Agent, please follow these steps:

In your project's folder, install the node agent by running `npm install lightrun`.

a. For regular Node.js applications - Require Lightrun at the start of your application file (i.e. `index.js` or `app.js`):

```js
// Load and start the Lightrun agent before the rest of the application.
require('lightrun').start({
  lightrunSecret: '<COMPANY-SECRET>',
});
```

b. For TypeScript applications - Import Lightrun at the start of your application file (i.e. `index.ts` or `app.ts`) and then start it:

```ts
import * as lightrun from 'lightrun';

// Start the Lightrun agent before the rest of the application.
lightrun.start({
  lightrunSecret: '<COMPANY-SECRET>',
});
```

You will have a `<COMPANY-SECRET>` auto-generated for you during the onboarding process, right after signing up for an account.

Lightrun for TypeScript needs to have sourcemap files available to it in order to work properly. Please make sure to set `sourceMap` to `true` when compiling your TypeScript code.
Run the application as you normally would.
You should now see the application's agent popping up in the Lightrun Plugin's sidebar - you can now add logs, snapshots and metrics to your application.
You can optionally choose to provide the `<COMPANY-SECRET>` via environment variables to the Node process.
To do so, follow these steps after installing the agent (note that this does not work on Windows):

```js
require('lightrun').start();
```

`node` command:

```sh
LIGHTRUN_SECRET=<COMPANY_SECRET> node index.js
```
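The environment-variable approach above, as an added example that is not from the Lightrun README or project: it reads `LIGHTRUN_SECRET`, rejects an unset or placeholder value, passes it through the `start({ lightrunSecret })` option shown earlier, and flags source text that hard-codes the secret. The helper names and the sample secret are constructed for illustration.

```javascript
'use strict';
// Added example, not Lightrun code. Helper names are hypothetical.

// Matches the README placeholders, e.g. <COMPANY-SECRET>.
const PLACEHOLDER = /^<.*>$/;

// Validate LIGHTRUN_SECRET and build the options object for start().
function buildLightrunOptions(env) {
  const secret = (env.LIGHTRUN_SECRET || '').trim();
  if (!secret) throw new Error('LIGHTRUN_SECRET is not set');
  if (PLACEHOLDER.test(secret)) {
    throw new Error('LIGHTRUN_SECRET still holds the placeholder value');
  }
  return { lightrunSecret: secret };
}

// Mask a secret for log output, keeping only the last 4 characters.
function redact(secret) {
  if (secret.length <= 4) return '****';
  return '*'.repeat(secret.length - 4) + secret.slice(-4);
}

// Report string literals assigned to lightrunSecret in source text,
// for use in a pre-commit or CI check. Placeholders are ignored.
function findHardcodedSecrets(source) {
  const re = /lightrunSecret\s*:\s*(['"`])([^'"`]+)\1/g;
  const hits = [];
  for (const m of source.matchAll(re)) {
    if (!PLACEHOLDER.test(m[2])) {
      hits.push({ index: m.index, redacted: redact(m[2]) });
    }
  }
  return hits;
}

// Start the agent with the secret taken from the environment.
// loadAgent is injectable so the function can be exercised without the package.
function startAgent(env = process.env, loadAgent = () => require('lightrun')) {
  const options = buildLightrunOptions(env);
  loadAgent().start(options);
  return redact(options.lightrunSecret); // safe to log
}

// Constructed sample: source that hard-codes a fake secret.
const sampleSource = "require('lightrun').start({ lightrunSecret: 'abcd-1234-fake' });";
console.log(findHardcodedSecrets(sampleSource));
```
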
FAQs
Lightrun Debug Agent for Node.js
The npm package lightrun receives a total of 10,388 weekly downloads. As such, lightrun popularity was classified as popular.
We found that lightrun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.